423 matches found
CVE-2026-23733
LobeChat is an open source chat application platform. Prior to version 2.0.0-next.180, a stored Cross-Site Scripting (XSS) vulnerability in the Mermaid artifact renderer allows attackers to execute arbitrary JavaScript within the application context. This XSS can be escalated to Remote Code Executi...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002129)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002129 advisory. The SMB2_tcon function in fs/cifs/smb2pdu.c in the Linux kernel before 3.16.3 allows remote CIFS servers to cause a denial of service (NULL pointer dereference and...
Security update for MozillaFirefox
This update for MozillaFirefox fixes the following issues: Update to Firefox Extended Support Release 140.7.0 ESR (bsc#1256340). MFSA 2026-03: CVE-2026-0877: Mitigation bypass in the DOM: Security component; CVE-2026-0878: Sandbox escape due to incorrect boundary conditions in the Graphics: CanvasWebG...
CVE-2026-0882
Use-after-free in the IPC component. This vulnerability affects Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...
UBUNTU-CVE-2026-0882
Use-after-free in the IPC component. This vulnerability was fixed in Firefox 147, Firefox ESR 115.32, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...
PT-2026-2644
Name of the Vulnerable Software and Affected Versions: Firefox versions prior to 147; Firefox ESR versions prior to 115.32; Firefox ESR versions prior to 140.7. Description: A use-after-free issue exists in the IPC component. This can potentially lead to undesirable behavior. Recommendations: Update...
CVE-2025-67813
Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for inter-process communication...
EUVD-2026-1927
Quest KACE Desktop Authority through 11.3.1 has Insecure Permissions on the Named Pipes used for inter-process communication...
CVE-2025-14979
AirVPN Eddie on macOS is affected by CVE-2025-14979 due to an insecure XPC service that allows local, unprivileged users to escalate privileges to root. Affected version: Eddie 2.24.6. Documented impact is local privilege escalation with high confidentiality/integrity/availability implications. R...
CVE-2023-54280 cifs: fix potential race when tree connecting ipc
In the Linux kernel, the following vulnerability has been resolved: cifs: fix potential race when tree connecting ipc. Protect access of TCP_Server_Info::hostname when building the ipc tree name as it might get freed in cifsd thread and thus causing a use-after-free bug in __tree_connect_dfs_target(). Als...
CVE-2022-50748
In the Linux kernel, the following vulnerability has been resolved: ipc: mqueue: fix possible memory leak in init_mqueue_fs(). commit db7cfc380900 ("ipc: Free mq_sysctls if ipc namespace creation failed") Here's a similar memory leak to the one fixed by the patch above. retire_mq_sysctls need to be called...
PT-2025-53033
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A resource leak exists in the ksmbd_session_rpc_open function within the kernel's ksmbd component. When ksmbd_rpc_open fails, it does not properly call ksmbd_rpc_id_free to release...
CVE-2025-67744
DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to version 0.5.3, a security vulnerability exists in the Mermaid diagram rendering component that allows arbitrary JavaScript execution. Due to the exposure of the Electron IPC renderer...
EUVD-2025-203099
BuhoNTFS contains an insecure XPC service that allows local, unprivileged users to escalate their privileges to root via insecure functions. This issue affects BuhoNTFS: 1.3.2...
CVE-2025-13733
BuhoNTFS (v1.3.2) is affected by CVE-2025-13733 due to an insecure XPC service that enables local, unprivileged users to escalate to root via insecure functions. This conclusion is supported by multiple connected sources (NVD, Red Hat, EUVD, CIRCL, CVE lists, and vulnerability feeds) all describi...
Dr.Buho BuhoNTFS security vulnerability
Dr.Buho BuhoNTFS is an NTFS driver from the Chinese company Dr.Buho. A security vulnerability exists in Dr.Buho BuhoNTFS version 1.3.2, which originates from an insecure XPC service and could result in local user privileges being elevated to root...
Google Pixel security vulnerability
Google Pixel is a smartphone from Google, an American company. Google Pixel has a security vulnerability that stems from improper input validation in aoc_service_read_message in aoc_ipc_core.c, which could lead to local elevation of privilege...
tipc: Fix use-after-free in tipc_mon_reinit_self().
...
CVE-2025-66562 TUUI vulnerable to Remote Code Execution (RCE) via XSS in Markdown ECharts Rendering
TUUI is a desktop MCP client designed as a tool unitary utility integration. Prior to 1.3.4, a critical Remote Code Execution (RCE) vulnerability exists in Tuui due to an unsafe Cross-Site Scripting (XSS) flaw in the Markdown rendering component. Tuui allows the execution of arbitrary JavaScript with...
CVE-2025-66222
DeepChat is a smart assistant that uses artificial intelligence. In 0.5.0 and earlier, a Stored Cross-Site Scripting (XSS) vulnerability in the Mermaid diagram renderer allows an attacker to execute arbitrary JavaScript within the application context. By leveraging the exposed Electron IPC...